From: helge Date: Fri, 8 Jul 2005 10:33:00 +0000 (+0000) Subject: added Internet check X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dfec8df4190f32d7eb9aea86778a38292d66b190;p=scalable-opengroupware.org added Internet check git-svn-id: http://svn.opengroupware.org/SOGo/trunk@699 d1b88da0-ebda-0310-925b-ed51d893ca5b --- diff --git a/SOGo/SoObjects/Mailer/ChangeLog b/SOGo/SoObjects/Mailer/ChangeLog index 438b09ce..498306a6 100644 --- a/SOGo/SoObjects/Mailer/ChangeLog +++ b/SOGo/SoObjects/Mailer/ChangeLog @@ -1,3 +1,10 @@ +2005-07-08 Helge Hess + + * SOGoMailAccounts.m: only deliver share-names as subobjects if the + request is not coming from the Internet. Ensure that limitation in + -lookupName:. Can be enabled using SOGoInternetDetectQualifier just + like in UIxMailEditor (v0.9.93) + 2005-07-08 Helge Hess * v0.9.92 diff --git a/SOGo/SoObjects/Mailer/README b/SOGo/SoObjects/Mailer/README index bfccb5bb..31df555a 100644 --- a/SOGo/SoObjects/Mailer/README +++ b/SOGo/SoObjects/Mailer/README @@ -39,3 +39,10 @@ SOGoNoDraftDeleteAfterSend YES|NO - makes the draft's -delete method a NOOP SOGoSpecialFoldersInRoot YES|NO - do special folders live under INBOX? - corresponds to the Cyrus setting: "altnamespace: yes" SOGoEnableSieveFolder YES|NO - should the Sieve folder be visible? + +SOGoInternetDetectQualifier +- an EOQualifier to detect whether a set of HTTP headers is from the outside, + eg: "NOT (minequprovenance = 'intranet')" + -SOGoInternetDetectQualifier '"NOT (minequprovenance = \"intranet\")"' + Note: all header field names are lowercase + Testing: -SOGoInternetDetectQualifier '"host = \"agenor.opengroupware.org\""' \ No newline at end of file diff --git a/SOGo/SoObjects/Mailer/SOGoMailAccounts.m b/SOGo/SoObjects/Mailer/SOGoMailAccounts.m index d3e8d756..78a1b25a 100644 --- a/SOGo/SoObjects/Mailer/SOGoMailAccounts.m +++ b/SOGo/SoObjects/Mailer/SOGoMailAccounts.m 
@@ -26,6 +26,43 @@ @implementation SOGoMailAccounts +static EOQualifier *internetDetectQualifier = nil; +static NSString *AgenorShareLoginMarker = @".-."; + ++ (void)initialize { + NSUserDefaults *ud = [NSUserDefaults standardUserDefaults]; + NSString *s; + + if ((s = [ud stringForKey:@"SOGoInternetDetectQualifier"]) != nil) { + internetDetectQualifier = + [[EOQualifier qualifierWithQualifierFormat:s] retain]; + if (internetDetectQualifier == nil) + NSLog(@"ERROR: could not parse qualifier: '%@'", s); + } + if (internetDetectQualifier == nil) + NSLog(@"SOGoMailAccounts: no 'SOGoInternetDetectQualifier' configured."); + else { + NSLog(@"SOGoMailAccounts: detect Internet access using: %@", + internetDetectQualifier); + } +} + +/* detect webmail being accessed from the outside */ + +- (BOOL)isInternetRequest { + WORequest *rq; + + rq = [[(WOApplication *)[WOApplication application] context] request]; + if (rq == nil) { + [self logWithFormat: + @"ERROR: got no WORequest for checking Internet headers!"]; + return NO; + } + + return [(id)internetDetectQualifier + evaluateWithObject:[rq headers]]; +} + /* listing the available mailboxes */ - (NSArray *)toManyRelationshipKeys { @@ -39,10 +76,12 @@ uid = [[self container] davDisplayName]; /* the uid part of the URL */ account = [um getIMAPAccountStringForUID:uid]; - shares = [um getSharedMailboxAccountStringsForUID:uid]; - if (account != nil) account = [NSArray arrayWithObject:account]; + if ([self isInternetRequest]) /* only show primary mailbox in Internet */ + return account; + + shares = [um getSharedMailboxAccountStringsForUID:uid]; return ([shares count] == 0) ? account : [account arrayByAddingObjectsFromArray:shares]; 
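Review bot: `-isInternetRequest` fails open: it returns `NO` when no `WORequest` is available, and when `internetDetectQualifier` is nil (unset, or set but unparsable) the message to nil also yields `NO`, so every request is treated as intranet and shares stay reachable. Treating an unset default as "check disabled" looks intentional, but a configured qualifier that fails to parse should not silently switch the restriction off. Consider recording the parse failure in `+initialize` and answering `YES` in that case, and using `return YES;` in the `rq == nil` branch. The `toManyRelationshipKeys` and `lookupName:` hunks inherit this behaviour. The qualifier is evaluated against `[rq headers]`, which are client-supplied unless a front-end sets or strips them, so I would also add a comment such as `/* relies on a trusted front-end overwriting the provenance header; do not expose this server directly */`.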
@@ -79,8 +118,18 @@ if ((obj = [super lookupName:_key inContext:_ctx acquire:NO])) return obj; - if ([self isValidMailAccountName:_key]) + if ([self isValidMailAccountName:_key]) { + /* forbid shares for requests coming from the Internet */ + if ([self isInternetRequest]) { + if ([_key rangeOfString:AgenorShareLoginMarker].length > 0) { + return [NSException exceptionWithHTTPStatus:403 /* Forbidden */ + reason: + @"Access to shares forbidden from the Internet"]; + } + } + return [self mailAccountWithName:_key inContext:_ctx]; + } /* return 404 to stop acquisition */ return [NSException exceptionWithHTTPStatus:404 /* Not Found */]; diff --git a/SOGo/SoObjects/Mailer/Version b/SOGo/SoObjects/Mailer/Version index 8fcde6b1..52b2edd8 100644 --- a/SOGo/SoObjects/Mailer/Version +++ b/SOGo/SoObjects/Mailer/Version @@ -1,6 +1,6 @@ # Version file -SUBMINOR_VERSION:=92 +SUBMINOR_VERSION:=93 # v0.9.91 requires libNGMime v4.5.222 # v0.9.69 requires libNGMime v4.5.210 diff --git a/SOGo/UI/MailerUI/UIxMailEditor.m b/SOGo/UI/MailerUI/UIxMailEditor.m index 571bb62c..a10dd378 100644 --- a/SOGo/UI/MailerUI/UIxMailEditor.m +++ b/SOGo/UI/MailerUI/UIxMailEditor.m @@ -86,12 +86,14 @@ static NSArray *infoKeys = nil; internetDetectQualifier = [[EOQualifier qualifierWithQualifierFormat:s] retain]; if (internetDetectQualifier == nil) - NSLog(@"ERROR: could not parse qualifier: '%@'", s); + NSLog(@"UIxMailEditor: could not parse qualifier: '%@'", s); } if (internetDetectQualifier == nil) - NSLog(@"Note: no 'SOGoInternetDetectQualifier' configured."); - else - NSLog(@"Note: detect Internet access using: %@", internetDetectQualifier); + NSLog(@"UIxMailEditor: no 'SOGoInternetDetectQualifier' configured."); + else { + NSLog(@"UIxMailEditor: detect Internet access using: %@", + internetDetectQualifier); + } internetMailHeaders = [[ud dictionaryForKey:@"SOGoInternetMailHeaders"] copy]; 
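Review bot: The Internet branch in `lookupName:` is a deny-list: it rejects only keys containing `AgenorShareLoginMarker` (`.-.`), so it holds only as long as every share account string carries that marker and reaches this method in the same form it is compared in. An allow-list would be sturdier: for Internet requests, return the 403 unless `_key` equals the user's primary account string, the value `toManyRelationshipKeys` obtains from `getIMAPAccountStringForUID:`. If the marker test is kept, a comment next to the constant such as `/* share logins are recognised by the '.-.' marker in the account string */` would record the assumption. The method starts and ends outside the hunk, so other paths into `mailAccountWithName:inContext:` are not covered by this review.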
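Review bot: The parse-failure message in UIxMailEditor.m loses its `ERROR` marker, while the new `+initialize` in SOGoMailAccounts.m logs `ERROR: could not parse qualifier` without a class name, so the two copies of the same failure are now labelled differently. In SOGoMailAccounts.m at least, a qualifier that does not parse leaves the Internet check inactive, so this line should stay easy to search and alert on. One format for both files would do, e.g. `NSLog(@"ERROR(UIxMailEditor): could not parse qualifier: '%@'", s);`. The enclosing method begins and ends outside the hunk.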
@@ -167,7 +169,6 @@ static NSArray *infoKeys = nil; /* detect webmail being accessed from the outside */ - (BOOL)isInternetRequest { - // TODO: make configurable! (eg allow specification of a qualifier) WORequest *rq; rq = [[self context] request];